Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

US20080301440A1 - Updateable Secure Kernel Extensions - Google Patents

Updateable Secure Kernel Extensions Download PDF

Info

Publication number
US20080301440A1
US20080301440A1 US11/754,658 US75465807A US2008301440A1 US 20080301440 A1 US20080301440 A1 US 20080301440A1 US 75465807 A US75465807 A US 75465807A US 2008301440 A1 US2008301440 A1 US 2008301440A1
Authority
US
United States
Prior art keywords
kernel
secure
cryptographic key
sensitive portions
extension
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/754,658
Other versions
US8332635B2 (en
Inventor
Wilfred E. Plouffe, Jr.
Kanna Shimizu
Vladimir Zbarsky
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US11/754,658 priority Critical patent/US8332635B2/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SHIMIZU, KANNA, PLOUFFE, WILFRED E., JR., ZBARSKY, VLADIMIR
Priority to PCT/EP2008/056351 priority patent/WO2008145602A1/en
Publication of US20080301440A1 publication Critical patent/US20080301440A1/en
Application granted granted Critical
Publication of US8332635B2 publication Critical patent/US8332635B2/en
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • the present invention relates generally to protected operating kernels for data processing systems. Specifically, the present invention is directed to an encrypted operating kernel that is updateable through extensions.
  • memory protection schemes are very useful, particularly for running today's very complex software, the protection schemes themselves increase the complexity of the computing hardware and the operating systems it supports. In some applications, this added complexity is highly undesirable.
  • a processor intended for high-end multimedia or real-time computationally intensive applications may have multiple specialized processor cores (such as specialized vector processing cores) on a single chip for intensive number-crunching.
  • processor cores such as specialized vector processing cores
  • the added hardware and software complexity involved in implementing conventional memory protection for each core's local memory could severely impact the attainable degree of parallelism as well as the performance of each individual processor core.
  • kernels allow additional kernel-level code (such as a device driver) to be loaded in at runtime (in the form of “kernel modules”) to augment an existing operating system kernel.
  • kernel modules are generally designed to operate in a “privileged mode,” in which the kernel has access to all memory addresses and other system resources.
  • kernel modules may come from untrusted sources, however, it may not be desirable to provide a kernel module unfettered access to all memory addresses and system resources. It would be safer to allow the module only the degree of privilege necessary to accomplish its intended purpose.
  • the present invention provides a method, computer program product, and data processing system for providing an updateable encrypted operating kernel.
  • secure initialization hardware loads a minimal secure kernel containing sensitive portions of data and/or code from a storage location accessible only to the secure initialization hardware itself and decrypts the minimal secure kernel into a portion of the processor-accessible memory space, from which the kernel is executed.
  • Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel.
  • the public/private key pair is specific to the processor on which the secure kernel runs.
  • the secure kernel Before passing control to a kernel extension the secure kernel deletes a selected subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are deleted/retained is determined by a cryptographic key with which the kernel extension is signed.
  • FIG. 1 is a block diagram of an exemplary data processing system in which a preferred embodiment of the present invention may be implemented
  • FIG. 2 is a block diagram of a secondary processing unit in accordance with a preferred embodiment of the present invention.
  • FIG. 3 is a memory map showing memory usage in a data processing system made in accordance with a preferred embodiment of the present invention
  • FIG. 4 is a memory diagram of an application 400 for use in a data processing system made in accordance with a preferred embodiment of the present invention.
  • FIGS. 5-7 are a flowchart representation of a basic execution flow of a secure kernel in accordance with a preferred embodiment of the present invention.
  • FIG. 1 is a block diagram of an exemplary data processing system 100 in which a preferred embodiment of the present invention may be implemented.
  • Data processing system 100 comprises a monolithic multiprocessor 101 containing several processor cores on a single integrated circuit.
  • Monolithic multiprocessor 101 includes a general-purpose primary processing element 102 and several secondary processing units for performing more specialized, computationally-intensive functions (secondary processing units 110 , 112 , and 114 ), connected by an internal bus 104 .
  • An external bus 105 external to monolithic multiprocessor 101 , interfaces monolithic multiprocessor 101 with main memory 106 and secondary storage 108 , as well as other peripheral devices (not shown).
  • Each of secondary processing units 110 , 112 , and 114 contains its own local memory in addition to main memory 106 . This allows secondary processing units 110 , 112 , and 114 to operate independently of primary processing element 102 in isolation mode, in which a particular secondary processing unit performs computations using its local memory without interference from primary processing element 102 . When not in isolation mode, secondary processing units 110 , 112 , and 114 may allow primary processing element 102 to access their respective local memory spaces.
  • processing element 102 includes hardware support for memory protection (in main memory 106 ), but secondary processing units 110 , 112 , and 114 do not contain memory protection hardware to prevent improper memory accesses of local memory within a secondary processing unit while in isolation mode.
  • Secondary processing unit 110 is interfaced to internal bus 104 (internal to monolithic multiprocessor 101 ), but also contains its own intra-unit bus 222 internal to itself. Secondary processing unit 110 contains a main datapath 220 , which comprises the control logic, registers, and functional units used to execute stored programs of instructions in secondary processing unit 110 . In addition to its main datapath 220 , secondary processing unit 110 contains its own local random access memory (RAM) 224 and persistent-storage memory 228 (which may or may not comprise a non-volatile memory technology, such as flash memory), for storing information persistently between operating sessions.
  • RAM local random access memory
  • persistent-storage memory 228 which may or may not comprise a non-volatile memory technology, such as flash memory
  • initialization hardware 226 refers to the hardware used to initialize the particular processing unit or datapath to be used for executing the secure kernel (which, in the case of the preferred embodiment described herein, is secondary processing unit 110 ).
  • the encryption-based protection scheme of the present invention could also be applied to a single-datapath processor (or “uniprocessor”), in which case initialization of the single datapath by secure initialization hardware would be essentially equivalent to a “warm initialization” or “reset” of the data processing system as a whole.
  • secure initialization hardware 226 In addition to resetting and enabling main datapath 220 during an initialization of secondary processing unit 110 , secure initialization hardware 226 also contains decryption hardware for decrypting an encrypted master copy of a system kernel (master copy 230 ) into local RAM 224 as part of the initialization process.
  • the decryption key for decrypting master copy 230 is embedded into secure initialization hardware 226 such that it cannot be read from main datapath 220 (or from intra-unit bus 222 , for that matter).
  • secure initialization hardware 226 triggers main datapath 220 to begin executing the decrypted secure kernel.
  • the decrypted secure kernel then uses a combination of public-key cryptography and digital signature verification to provide a software-based form of protection that is local to secondary processing unit 110 and may be used in isolation mode.
  • each party has two keys, a “public key,” used for encryption, and a “private key” used to decrypt messages encrypted with the public key.
  • a party's public key is “public” in the sense that the party makes the public key available to anyone who wishes to send encrypted messages to that party, while the private key remains secret. Even though multiple parties may possess the same public key, only the private key may be used to decrypt messages encrypted with the public key. In other words, it is computationally infeasible to decrypt a message encrypted with the public key unless one possesses the private key. This is in contrast to traditional secret key cryptosystems in which the same secret key is used for both encryption and decryption.
  • public-key cryptography is very useful in keeping information secret, public-key cryptography does not guard against forged or corrupted information. Since the public key can be distributed to others, and anyone possessing the public-key can encrypt messages that may only be read with the private key, public-key cryptography provides no way for the recipient of a message to know whether the message being received is genuine or originates with the source it purports to have originated from. For this reason, public-key cryptography is often used in conjunction with other cryptographic techniques that can be used to authenticate communications and verify the integrity of a message. Digital signatures are a natural complement to public-key cryptography that can be used to verify the identity of the originator of a message. With digital signatures, the sender of a message has a public/private key pair.
  • the sender uses its private key and the text of the message itself to compute a code that can be affixed to the message. This code is referred to as a digital signature.
  • the recipient of the message will possess the sender's public key, which it can use to verify that the digital signature attached to a particular message was signed using the private key of the sender corresponding to that public key.
  • One of the earliest digital signature schemes was the Rivest-Shamir-Adleman or RSA digital signature scheme, which, like the RSA public-key cryptosystem, is described in U.S. Pat. No. 4,405,829.
  • a preferred embodiment of the present invention makes extensive use of both public-key cryptography and digital signatures to provide data secrecy, preserve data integrity, and prevent unauthorized actions.
  • implementation of the present invention is not dependent on the use of any particular type of cryptosystem or digital signature scheme. Any presently known or future-developed cryptosystem or digital signature scheme may be utilized in an embodiment of the present invention.
  • FIG. 3 is a memory map showing memory usage in a data processing system made in accordance with a preferred embodiment of the present invention.
  • the most privileged piece of software in the system is secure kernel 302 , whose main function is to validate and authenticate other pieces of software, including kernel extensions, which reside in kernel extension area 304 . Kernel extensions provide the main functionality to system software, and may be updated, replaced, or added, as necessary or desired.
  • Secure kernel 302 is endowed with minimal functionality and is intended to remain the same during the lifetime of the data processing system. Secure kernel 302 is “secure” because its sensitive internals are shielded from inspection or access by other programs residing in the data processing system.
  • secure kernel 302 is a private key that is specific to that particular copy of secure kernel 302 .
  • secure kernel 302 's private key is specific to the particular chip (so that another chip from the same manufacturer of the same type and version would still have a different private key).
  • Secure kernel 302 also has a public key corresponding to its private key, but the public key need not be kept secret (since it is a public key).
  • Other sensitive pieces of information contained in secure kernel 302 would include other cryptographic keys as well as instructions for performing operations deemed to be privileged.
  • Secure kernel 302 is loaded into memory from a master copy whenever secondary processing unit 110 is initialized by secure initialization hardware 226 .
  • This master copy is stored in encrypted form.
  • the decryption key needed to decrypt the master copy is incorporated into secure initialization hardware 226 ( FIG. 2 ) and is not accessible to software. Consequently, secure kernel 302 can only be loaded into memory when secure initialization hardware 226 is activated (during an initialization of secondary processing unit 110 , as described above). This not only keeps sensitive portions of secure kernel 302 secret, but it also ensures that secure kernel 302 , when loaded into memory, is genuine and has not been tampered with.
  • Application software is loaded into and executes from application area 306 . Because no hardware memory protection scheme exists in a preferred embodiment of the present invention, applications executing from application area 306 may freely access other parts of the memory space, including such memory areas as kernel extension area 304 and secure kernel area 302 . The effect of memory protection is achieved, however, by deleting sensitive information from secure kernel area 302 and kernel extension area 304 prior to transferring control to an application residing in application area 306 , and by using secure initialization hardware to reload secure kernel 302 and any kernel extensions, when it becomes necessary to invoke kernel extension code.
  • the application For an application residing in application area 306 to make use of a kernel service, the application first writes information to mailbox area 308 . This information will include information regarding the particular kernel service requested as well as information necessary to return control to the application, such as a callback address. Once this information has been written to mailbox area 308 , the application triggers secure initialization hardware 226 to re-initialize secondary processing unit 110 . This causes a fresh copy of secure kernel 302 (including any sensitive portions thereof) to be loaded before any kernel services are performed. The sensitive portions of secure kernel 302 as well as any kernel extensions are then deleted before returning control to the application, according to the instructions left in mailbox area 308 .
  • a similar mechanism is also used for kernel extensions to prevent particular kernel extensions from having access to all of secure kernel 302 's secrets. Those sensitive portions of secure kernel 302 that are not needed by a kernel extension to perform a task are deleted by secure kernel 302 prior to passing control to the kernel extension. In this way, secure kernel 302 can delegate all or only some of its powers and responsibilities to a given kernel extension.
  • Using kernel extensions to perform most system software tasks allows system software to be updated without having to modify secure kernel 302 . This allows secure kernel 302 's master copy to be decrypted using an unrecoverable decryption key incorporated in secure initialization hardware 226 .
  • secure kernel 302 will never change, even if other system software is updated or replaced, there is no need to store the decryption key (or a corresponding encryption key, assuming it is different) anywhere outside of the secure initialization hardware-or if the decryption process is hard-wired into the logic of the hardware, anywhere at all.
  • Persistent data is data that remains stored between invocations of one or more applications.
  • An example of persistent data might be a database, or in the case of a video game console, a list of high scorers for a game.
  • FIG. 4 is a memory diagram of an application 400 for use in a data processing system made in accordance with a preferred embodiment of the present invention.
  • application 400 includes a public key 404 , which may be used to verify a digital signature 406 of application 400 .
  • public key 404 is specific to a particular application title, but not to a particular version of that application, so that multiple versions of the same application have the same public key 404 .
  • a cryptographic hash value 408 computed over code image 402 is provided to allow the integrity of application 400 to be verified.
  • a hash value is a numerical value that is the result of a function mapping a larger block of data into a limited number of bits.
  • a cryptographic hash value is computed using a one-way function (OWF), which is a function in which it is computationally intractable to compute the function's inverse.
  • OPF one-way function
  • An example of a cryptographic hash value is the well-known SHA-1 algorithm (Secure Hash Algorithm 1), developed by the National Institute of Standards and Technology (NIST), a U.S. federal agency.
  • cryptographic hash algorithms such as SHA-256, MD5 [Message Digest 5], and many others
  • SHA-256 SHA-256
  • MD5 Message Digest 5
  • the cryptographic hash value of code image 402 can be computed by secure kernel 302 and compared to cryptographic hash value 408 stored as part of the application. If the two values match, the application's integrity has not been compromised (i.e., code image 402 has not been tampered with or become corrupted).
  • public key 404 is used to verify signature 406 , it is important that public key 404 not be a forgery. Therefore, a digital signature computed over public key 404 (public key signature 410 ) is also included in application 400 . This signature can be verified by secure kernel 302 using one or more pre-defined public keys known to secure kernel 302 .
  • secure kernel 302 upon loading an application such as application 400 , generates an application-specific secret and an application-version-specific secret, which are stored in storage area 412 .
  • the application-specific secret is generated by computing a one-way function of secure kernel 302 's private key (which is specific to that copy of secure kernel 302 ) and public key 404 , which is specific to the application (but not version specific).
  • secure kernel 302 upon loading an application such as application 400 , generates an application-specific secret and an application-version-specific secret, which are stored in storage area 412 .
  • the application-specific secret is generated by computing a one-way function of secure kernel 302 's private key (which is specific to that copy of secure kernel 302 ) and public key 404 , which is specific to the application (but not version specific).
  • the application-version-specific secret is generated by computing a one-way function of secure kernel 302 's private key and a cryptographic hash value of the application image (possibly, but not necessarily the same as hash value 408 ). This results in a secret that is specific to not only the application title and secure kernel instance, but to the particular version of the application itself.
  • These application-specific and application-version-specific secrets may be used for secret-key (symmetric-key) encryption of information that is to be comprehendible to only a particular application title or particular version of an application (for storage in non-volatile storage 310 , for example).
  • secret-key symmetric-key
  • two different processors running two different copies of secure kernel 302 with different private keys
  • an additional benefit to having the secrets computed by secure kernel 302 upon loading is that the secrets themselves need not be stored permanently. When an application terminates, the secrets can be safely deleted, since secure kernel 302 will re-compute the secrets (with the same value) the next time the application is executed.
  • Kernel extensions resemble applications in that they also include a digital signature, so they may be organized in much the same way as application 400 is in FIG. 4 .
  • An important difference between kernel extensions and applications, however, is that kernel extensions are stored in encrypted form such that they can only be decrypted using secure kernel 302 's private key, which itself is only available when secure kernel 302 is loaded and executed immediately following a secure initialization (using the secure initialization hardware).
  • Public-key cryptography makes it possible to update, replace, or add kernel extensions without compromising secure kernel 302 's private key.
  • the source (manufacturer, publisher, distributor, etc.) of a kernel extension need only be supplied secure kernel 302 's public key (which, unlike the private key, is not a secret) in order to encrypt a new kernel extension so that only that copy of secure kernel 302 (with its unique private key) can decrypt the kernel extension.
  • secure kernel 302 may delegate one or more of its powers/responsibilities to a kernel extension. Secure kernel 302 does this by retaining (i.e., not deleting) the sensitive portions of secure kernel 302 needed to perform a particular privileged task when passing control to the kernel extension. Secure kernel 302 determines which portions to retain by examining the public key used to validate the kernel extension's digital signature. Secure kernel 302 recognizes a pre-defined set of “privileged public keys” used to sign kernel extensions. Each privileged public key is associated with a particular level of privilege-i.e., each privileged public key corresponds to one or more sensitive parts of secure kernel 302 to be retained when secure kernel 302 passes control to a kernel extension signed with that privileged public key. Thus, a kernel extension may be delegated all or only some of the secrets/privi privileges of secure kernel 302 , according to the privilege level specified by the kernel extension's public key.
  • FIGS. 5-7 are together a multi-page flowchart representation of the basic flow of execution of a secure kernel made in accordance with a preferred embodiment of the present invention.
  • FIGS. 5-7 illustrate how the various cryptographic features of a preferred embodiment work together under the direction of the secure kernel to create a system of privileged and non-privileged program code without the use of dedicated protection hardware.
  • FIGS. 5-7 Before turning to the specifics of FIGS. 5-7 , it should first be noted that for the purpose of simplifying the presentation, each of the digital signature and hash value verifications has been presented here as a processing step (rectangle) rather than as a decision (diamond), although by nature each of these actions involves a determination as to whether the validation or verification succeeds or fails.
  • secure initialization hardware 226 initializes or re-initializes secondary processing unit 110 (as described above), before the main datapath of secondary processing unit 110 begins processing instructions, the secure initialization hardware decrypts the secure kernel into processor-accessible memory from the encrypted master copy (block 500 ). Once the secure kernel has been decrypted, the secure initialization hardware starts the main datapath of the data processing system, which then begins to execute the secure kernel (block 501 ).
  • the secure kernel then checks mailbox area 308 to determine what actions should be taken following the initialization, such as loading/executing a particular kernel extension or returning control to an application that triggered a warm initialization (block 502 ). Additionally, checking mailbox area 308 allows the secure kernel to determine whether a warm or cold initialization has occurred. Next a determination is made as to whether a kernel extension should be loaded (block 504 ). If so (block 504 :yes), then the secure kernel decrypts the desired kernel extension into processor-accessible memory using the secure kernel's private key (block 506 ). The secure kernel validates the digital signature of the public key supplied with the kernel extension using a pre-defined public key known to the secure kernel (i.e., stored in the secure kernel's “key ring”) (block 507 ).
  • the secure kernel then validates the digital signature of the kernel extension itself using the kernel extension's public key (block 508 ).
  • the secure kernel verifies the integrity of the kernel extension using by computing a hash value of the kernel extension and comparing the computed hash value to that supplied with the kernel extension (block 510 ).
  • the secure kernel Once the application has been validated and verified, the secure kernel generates an application-specific secret by computing a one-way function from the secure kernel's private key and the application's public key (block 526 ). The secure kernel also generates an application-version-specific secret by computing a one-way function from the secure kernel's private key and a hash value computed from the bytes of the application itself (block 528 ). These secrets are stored by the secure kernel in memory so as to be accessible to the loaded application (e.g., in secret space 412 of the application).
  • the secure kernel deletes the sensitive portions of itself (including its private key, privileged code portions, and any other secrets of the secure kernel) (block 530 ).
  • the secure kernel then fully transfers control (branches) to the application (block 532 ) (there being no further processing performed by the secure kernel until the next secure initialization). If a new application is not loaded (block 518 :No), then the secure kernel deletes the sensitive portions of itself (block 534 ), then passes control to the application code address indicated in mailbox area 308 (i.e., to the application which initiated the warm initialization triggering the execution of the secure kernel) (block 536 ).
  • One of the preferred implementations of the invention is a computer program, namely, a set of instructions (program code) or other functional descriptive material in a code module that may, for example, be resident in the random access memory of the computer.
  • the set of instructions may be stored in another computer memory, for example, in a hard disk drive, or in a removable memory such as an optical disk (for eventual use in a CD ROM) or floppy disk (for eventual use in a floppy disk drive), or downloaded via the Internet or other computer network.
  • the present invention may be implemented as a computer program product for use in a computer.
  • Functional descriptive material is information that imparts functionality to a machine.
  • Functional descriptive material includes, but is not limited to, computer programs, instructions, rules, facts, definitions of computable functions, objects, and data structures.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A method, computer program product, and data processing system for providing an updateable encrypted operating kernel are disclosed. In a preferred embodiment, secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • The present application is related to U.S. patent application Ser. No. ______ (Attorney Docket No. AUS920060895US1), entitled “Cryptographically-enabled Privileged Mode Execution;” U.S. patent application Ser. No. ______ (Attorney Docket No. AUS920060896US1), entitled “Application-Specific Secret Generation;” and U.S. patent application Ser. No. ______ (Attorney Docket No. AUS920060900US1), entitled “Cryptographic Secure Program Overlays,” which are filed even date hereof, assigned to the same assignee, and incorporated herein by reference.
    • BACKGROUND OF THE INVENTION
  • 1. Technical Field
  • The present invention relates generally to protected operating kernels for data processing systems. Specifically, the present invention is directed to an encrypted operating kernel that is updateable through extensions.
  • 2. Description of the Related Art
  • Many, if not most, modern operating systems and the hardware platforms that support them provide some form of facility for “memory protection.” Each application is allocated memory by the operating system and must access only those addresses in memory allocated to it. If a process attempts to access memory that is outside of the memory regions allocated to it, the illegal access attempt is detected by the operating system as an error (often called a “protection fault” or “segmentation fault”) and the offending process is terminated before disaster occurs. Memory protection can prevent many system crashes or other destructive behavior caused by software errors or malicious code (“malware”). Another important reason for restricting access to certain memory locations is to prevent proprietary or security-sensitive data or code from being examined by user-level processes, so as to prevent the creation of malware or the reverse engineering or unauthorized copying of proprietary information.
  • Although memory protection schemes are very useful, particularly for running today's very complex software, the protection schemes themselves increase the complexity of the computing hardware and the operating systems it supports. In some applications, this added complexity is highly undesirable. For example, a processor intended for high-end multimedia or real-time computationally intensive applications may have multiple specialized processor cores (such as specialized vector processing cores) on a single chip for intensive number-crunching. In such instances, the added hardware and software complexity involved in implementing conventional memory protection for each core's local memory could severely impact the attainable degree of parallelism as well as the performance of each individual processor core.
  • Further, it may be desirable for certain kinds of program code to have different levels of privilege with regard to a system's memory protection and other resources. For example, some operating systems, such as the open-source Linux operating system, have extensible kernels, which allow additional kernel-level code (such as a device driver) to be loaded in at runtime (in the form of “kernel modules”) to augment an existing operating system kernel. Because they fulfill a supervisory and administrative role in a computer, operating system kernels are generally designed to operate in a “privileged mode,” in which the kernel has access to all memory addresses and other system resources. Where kernel modules may come from untrusted sources, however, it may not be desirable to provide a kernel module unfettered access to all memory addresses and system resources. It would be safer to allow the module only the degree of privilege necessary to accomplish its intended purpose.
  • What is needed, therefore, is a method of protecting sensitive data and code from unauthorized reads and writes without relying on the additional complexity of protection-fault-detection mechanisms, which also allows for differing levels of privilege. The present invention provides a solution to this and other problems, and offers other advantages over previous solutions.
    • SUMMARY OF THE INVENTION
  • Accordingly, the present invention provides a method, computer program product, and data processing system for providing an updateable encrypted operating kernel. In a preferred embodiment, secure initialization hardware loads a minimal secure kernel containing sensitive portions of data and/or code from a storage location accessible only to the secure initialization hardware itself and decrypts the minimal secure kernel into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is specific to the processor on which the secure kernel runs. Before passing control to a kernel extension the secure kernel deletes a selected subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are deleted/retained is determined by a cryptographic key with which the kernel extension is signed.
  • The foregoing is a summary and thus contains, by necessity, simplifications, generalizations, and omissions of detail; consequently, those skilled in the art will appreciate that the summary is illustrative only and is not intended to be in any way limiting. Other aspects, inventive features, and advantages of the present invention, as defined solely by the claims, will become apparent in the non-limiting detailed description set forth below.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention may be better understood, and its numerous objects, features, and advantages made apparent to those skilled in the art by referencing the accompanying drawings, wherein:
  • FIG. 1 is a block diagram of an exemplary data processing system in which a preferred embodiment of the present invention may be implemented;
  • FIG. 2 is a block diagram of a secondary processing unit in accordance with a preferred embodiment of the present invention;
  • FIG. 3 is a memory map showing memory usage in a data processing system made in accordance with a preferred embodiment of the present invention;
  • FIG. 4 is a memory diagram of an application 400 for use in a data processing system made in accordance with a preferred embodiment of the present invention; and
  • FIGS. 5-7 are a flowchart representation of a basic execution flow of a secure kernel in accordance with a preferred embodiment of the present invention.
    •  DETAILED DESCRIPTION
  • The following is intended to provide a detailed description of an example of the invention and should not be taken to be limiting of the invention itself. Rather, any number of variations may fall within the scope of the invention, which is defined in the claims following the description.
  • FIG. 1 is a block diagram of an exemplary data processing system 100 in which a preferred embodiment of the present invention may be implemented. Data processing system 100 comprises a monolithic multiprocessor 101 containing several processor cores on a single integrated circuit. Monolithic multiprocessor 101 includes a general-purpose primary processing element 102 and several secondary processing units for performing more specialized, computationally-intensive functions ( secondary processing units 110, 112, and 114), connected by an internal bus 104. An external bus 105, external to monolithic multiprocessor 101, interfaces monolithic multiprocessor 101 with main memory 106 and secondary storage 108, as well as other peripheral devices (not shown).
  • Each of secondary processing units 110, 112, and 114 contains its own local memory in addition to main memory 106. This allows secondary processing units 110, 112, and 114 to operate independently of primary processing element 102 in isolation mode, in which a particular secondary processing unit performs computations using its local memory without interference from primary processing element 102. When not in isolation mode, secondary processing units 110, 112, and 114 may allow primary processing element 102 to access their respective local memory spaces. In this preferred embodiment primary, processing element 102 includes hardware support for memory protection (in main memory 106), but secondary processing units 110, 112, and 114 do not contain memory protection hardware to prevent improper memory accesses of local memory within a secondary processing unit while in isolation mode.
  • A more detailed depiction of secondary processing unit 110 in accordance with a preferred embodiment of the present invention is provided in FIG. 2. Secondary processing unit 110 is interfaced to internal bus 104 (internal to monolithic multiprocessor 101), but also contains its own intra-unit bus 222 internal to itself. Secondary processing unit 110 contains a main datapath 220, which comprises the control logic, registers, and functional units used to execute stored programs of instructions in secondary processing unit 110. In addition to its main datapath 220, secondary processing unit 110 contains its own local random access memory (RAM) 224 and persistent-storage memory 228 (which may or may not comprise a non-volatile memory technology, such as flash memory), for storing information persistently between operating sessions.
  • Startup of secondary processing unit 110 is handled by secure initialization hardware 226, which is independent of main datapath 220. It should be noted that in this context, the term “initialization” is used loosely to refer to an initialization of secondary processing unit 110, which need not occur in conjunction with initialization of data processing system 100 as a whole. In a preferred embodiment of the present invention, initialization of secondary processing unit 110 occurs each time secondary processing unit 110 is brought into isolation mode, which may occur many times between actual system reinitializations, for example. Hence, in this context, “initialization hardware” refers to the hardware used to initialize the particular processing unit or datapath to be used for executing the secure kernel (which, in the case of the preferred embodiment described herein, is secondary processing unit 110).
  • However, this usage of the term “initialization” should not be understood as limiting the scope of the present invention to the particular hardware of the preferred embodiment. For example, the encryption-based protection scheme of the present invention could also be applied to a single-datapath processor (or “uniprocessor”), in which case initialization of the single datapath by secure initialization hardware would be essentially equivalent to a “warm initialization” or “reset” of the data processing system as a whole.
  • In addition to resetting and enabling main datapath 220 during an initialization of secondary processing unit 110, secure initialization hardware 226 also contains decryption hardware for decrypting an encrypted master copy of a system kernel (master copy 230) into local RAM 224 as part of the initialization process. The decryption key for decrypting master copy 230 is embedded into secure initialization hardware 226 such that it cannot be read from main datapath 220 (or from intra-unit bus 222, for that matter). This can be done by storing the key securely in non-volatile memory internal to secure initialization hardware 226 or by actually hard-wiring the decryption process into the logic of secure initialization hardware 226, such that the decryption key is not stored, but integrated implicitly into the decryption logic. Once the system kernel has been decrypted, secure initialization hardware 226 triggers main datapath 220 to begin executing the decrypted secure kernel. The decrypted secure kernel then uses a combination of public-key cryptography and digital signature verification to provide a software-based form of protection that is local to secondary processing unit 110 and may be used in isolation mode.
  • In public-key cryptography, separate keys are used for encryption and decryption. Each party has two keys, a “public key,” used for encryption, and a “private key” used to decrypt messages encrypted with the public key. A party's public key is “public” in the sense that the party makes the public key available to anyone who wishes to send encrypted messages to that party, while the private key remains secret. Even though multiple parties may possess the same public key, only the private key may be used to decrypt messages encrypted with the public key. In other words, it is computationally infeasible to decrypt a message encrypted with the public key unless one possesses the private key. This is in contrast to traditional secret key cryptosystems in which the same secret key is used for both encryption and decryption. Perhaps the best-known and most widely used public-key cryptosystem is the Rivest-Shamir-Adleman or RSA crypto system, which is described in U.S. Pat. No. 4,405,829. Public-key cryptography is widely used for making secure transactions over the Internet, as it prevents eavesdropping by third parties.
  • Although public-key cryptography is very useful in keeping information secret, public-key cryptography does not guard against forged or corrupted information. Since the public key can be distributed to others, and anyone possessing the public-key can encrypt messages that may only be read with the private key, public-key cryptography provides no way for the recipient of a message to know whether the message being received is genuine or originates with the source it purports to have originated from. For this reason, public-key cryptography is often used in conjunction with other cryptographic techniques that can be used to authenticate communications and verify the integrity of a message. Digital signatures are a natural complement to public-key cryptography that can be used to verify the identity of the originator of a message. With digital signatures, the sender of a message has a public/private key pair. When the sender sends a message, the sender uses its private key and the text of the message itself to compute a code that can be affixed to the message. This code is referred to as a digital signature. The recipient of the message will possess the sender's public key, which it can use to verify that the digital signature attached to a particular message was signed using the private key of the sender corresponding to that public key. One of the earliest digital signature schemes was the Rivest-Shamir-Adleman or RSA digital signature scheme, which, like the RSA public-key cryptosystem, is described in U.S. Pat. No. 4,405,829.
  • A preferred embodiment of the present invention makes extensive use of both public-key cryptography and digital signatures to provide data secrecy, preserve data integrity, and prevent unauthorized actions. However, one skilled in the art will recognize that implementation of the present invention is not dependent on the use of any particular type of cryptosystem or digital signature scheme. Any presently known or future-developed cryptosystem or digital signature scheme may be utilized in an embodiment of the present invention.
  • FIG. 3 is a memory map showing memory usage in a data processing system made in accordance with a preferred embodiment of the present invention. The most privileged piece of software in the system is secure kernel 302, whose main function is to validate and authenticate other pieces of software, including kernel extensions, which reside in kernel extension area 304. Kernel extensions provide the main functionality to system software, and may be updated, replaced, or added, as necessary or desired. Secure kernel 302, on the other hand, is endowed with minimal functionality and is intended to remain the same during the lifetime of the data processing system. Secure kernel 302 is “secure” because its sensitive internals are shielded from inspection or access by other programs residing in the data processing system. As will be seen, this security is maintained through a combination of selective deletion of secret information and careful use of cryptographic techniques. Among the sensitive pieces of internal information contained in secure kernel 302 is a private key that is specific to that particular copy of secure kernel 302. In a preferred embodiment of the invention, secure kernel 302's private key is specific to the particular chip (so that another chip from the same manufacturer of the same type and version would still have a different private key). Secure kernel 302 also has a public key corresponding to its private key, but the public key need not be kept secret (since it is a public key). Other sensitive pieces of information contained in secure kernel 302 would include other cryptographic keys as well as instructions for performing operations deemed to be privileged.
  • Secure kernel 302 is loaded into memory from a master copy whenever secondary processing unit 110 is initialized by secure initialization hardware 226. This master copy is stored in encrypted form. The decryption key needed to decrypt the master copy is incorporated into secure initialization hardware 226 (FIG. 2) and is not accessible to software. Consequently, secure kernel 302 can only be loaded into memory when secure initialization hardware 226 is activated (during an initialization of secondary processing unit 110, as described above). This not only keeps sensitive portions of secure kernel 302 secret, but it also ensures that secure kernel 302, when loaded into memory, is genuine and has not been tampered with.
  • Application software is loaded into and executes from application area 306. Because no hardware memory protection scheme exists in a preferred embodiment of the present invention, applications executing from application area 306 may freely access other parts of the memory space, including such memory areas as kernel extension area 304 and secure kernel area 302. The effect of memory protection is achieved, however, by deleting sensitive information from secure kernel area 302 and kernel extension area 304 prior to transferring control to an application residing in application area 306, and by using secure initialization hardware to reload secure kernel 302 and any kernel extensions, when it becomes necessary to invoke kernel extension code.
  • For an application residing in application area 306 to make use of a kernel service, the application first writes information to mailbox area 308. This information will include information regarding the particular kernel service requested as well as information necessary to return control to the application, such as a callback address. Once this information has been written to mailbox area 308, the application triggers secure initialization hardware 226 to re-initialize secondary processing unit 110. This causes a fresh copy of secure kernel 302 (including any sensitive portions thereof) to be loaded before any kernel services are performed. The sensitive portions of secure kernel 302 as well as any kernel extensions are then deleted before returning control to the application, according to the instructions left in mailbox area 308.
  • A similar mechanism is also used for kernel extensions to prevent particular kernel extensions from having access to all of secure kernel 302's secrets. Those sensitive portions of secure kernel 302 that are not needed by a kernel extension to perform a task are deleted by secure kernel 302 prior to passing control to the kernel extension. In this way, secure kernel 302 can delegate all or only some of its powers and responsibilities to a given kernel extension. Using kernel extensions to perform most system software tasks allows system software to be updated without having to modify secure kernel 302. This allows secure kernel 302's master copy to be decrypted using an unrecoverable decryption key incorporated in secure initialization hardware 226. Since secure kernel 302 will never change, even if other system software is updated or replaced, there is no need to store the decryption key (or a corresponding encryption key, assuming it is different) anywhere outside of the secure initialization hardware-or if the decryption process is hard-wired into the logic of the hardware, anywhere at all.
  • Additionally, a persistent storage area 310 is provided to allow applications to store persistent data. Persistent data is data that remains stored between invocations of one or more applications. An example of persistent data might be a database, or in the case of a video game console, a list of high scorers for a game.
  • As mentioned above, secure kernel 302 authenticates and validates the integrity of other pieces of software in the data processing system, including applications and kernel extensions. FIG. 4 is a memory diagram of an application 400 for use in a data processing system made in accordance with a preferred embodiment of the present invention. In addition to the actual executable code itself (code image 402), application 400 includes a public key 404, which may be used to verify a digital signature 406 of application 400. In a preferred embodiment of the present invention, public key 404 is specific to a particular application title, but not to a particular version of that application, so that multiple versions of the same application have the same public key 404.
  • In addition, a cryptographic hash value 408 computed over code image 402 is provided to allow the integrity of application 400 to be verified. A hash value is a numerical value that is the result of a function mapping a larger block of data into a limited number of bits. A cryptographic hash value is computed using a one-way function (OWF), which is a function in which it is computationally intractable to compute the function's inverse. An example of a cryptographic hash value is the well-known SHA-1 algorithm (Secure Hash Algorithm 1), developed by the National Institute of Standards and Technology (NIST), a U.S. federal agency. Other cryptographic hash algorithms (such as SHA-256, MD5 [Message Digest 5], and many others) are known in the art and may be applied to the present invention without limitation and without departing from the scope and spirit thereof. To verify the integrity of application 400, the cryptographic hash value of code image 402 can be computed by secure kernel 302 and compared to cryptographic hash value 408 stored as part of the application. If the two values match, the application's integrity has not been compromised (i.e., code image 402 has not been tampered with or become corrupted).
  • Since public key 404 is used to verify signature 406, it is important that public key 404 not be a forgery. Therefore, a digital signature computed over public key 404 (public key signature 410) is also included in application 400. This signature can be verified by secure kernel 302 using one or more pre-defined public keys known to secure kernel 302.
  • Finally, additional storage space 412 is provided for the creation of application-specific and application-version-specific secrets. An application may wish to store or transmit information that can only be viewed by other versions of that application or other instances of the same version of that application. In a preferred embodiment of the present invention, secure kernel 302, upon loading an application such as application 400, generates an application-specific secret and an application-version-specific secret, which are stored in storage area 412. The application-specific secret is generated by computing a one-way function of secure kernel 302's private key (which is specific to that copy of secure kernel 302) and public key 404, which is specific to the application (but not version specific). Thus, every instance of any version of the application running under that particular copy of secure kernel 302 will receive the same application-specific secret from secure kernel 302.
  • The application-version-specific secret, on the other hand, is generated by computing a one-way function of secure kernel 302's private key and a cryptographic hash value of the application image (possibly, but not necessarily the same as hash value 408). This results in a secret that is specific to not only the application title and secure kernel instance, but to the particular version of the application itself.
  • These application-specific and application-version-specific secrets may be used for secret-key (symmetric-key) encryption of information that is to be comprehendible to only a particular application title or particular version of an application (for storage in non-volatile storage 310, for example). Further, because the secrets are computed using private key information known only to a particular copy of secure kernel 302, two different processors (running two different copies of secure kernel 302 with different private keys) will compute different application-specific and application-version-specific secrets, thus making the overall encryption scheme harder to crack. An additional benefit to having the secrets computed by secure kernel 302 upon loading is that the secrets themselves need not be stored permanently. When an application terminates, the secrets can be safely deleted, since secure kernel 302 will re-compute the secrets (with the same value) the next time the application is executed.
  • Kernel extensions resemble applications in that they also include a digital signature, so they may be organized in much the same way as application 400 is in FIG. 4. An important difference between kernel extensions and applications, however, is that kernel extensions are stored in encrypted form such that they can only be decrypted using secure kernel 302's private key, which itself is only available when secure kernel 302 is loaded and executed immediately following a secure initialization (using the secure initialization hardware). Public-key cryptography makes it possible to update, replace, or add kernel extensions without compromising secure kernel 302's private key. The source (manufacturer, publisher, distributor, etc.) of a kernel extension need only be supplied secure kernel 302's public key (which, unlike the private key, is not a secret) in order to encrypt a new kernel extension so that only that copy of secure kernel 302 (with its unique private key) can decrypt the kernel extension.
  • As stated above, secure kernel 302 may delegate one or more of its powers/responsibilities to a kernel extension. Secure kernel 302 does this by retaining (i.e., not deleting) the sensitive portions of secure kernel 302 needed to perform a particular privileged task when passing control to the kernel extension. Secure kernel 302 determines which portions to retain by examining the public key used to validate the kernel extension's digital signature. Secure kernel 302 recognizes a pre-defined set of “privileged public keys” used to sign kernel extensions. Each privileged public key is associated with a particular level of privilege-i.e., each privileged public key corresponds to one or more sensitive parts of secure kernel 302 to be retained when secure kernel 302 passes control to a kernel extension signed with that privileged public key. Thus, a kernel extension may be delegated all or only some of the secrets/privileges of secure kernel 302, according to the privilege level specified by the kernel extension's public key.
  • FIGS. 5-7 are together a multi-page flowchart representation of the basic flow of execution of a secure kernel made in accordance with a preferred embodiment of the present invention. FIGS. 5-7 illustrate how the various cryptographic features of a preferred embodiment work together under the direction of the secure kernel to create a system of privileged and non-privileged program code without the use of dedicated protection hardware. Before turning to the specifics of FIGS. 5-7, it should first be noted that for the purpose of simplifying the presentation, each of the digital signature and hash value verifications has been presented here as a processing step (rectangle) rather than as a decision (diamond), although by nature each of these actions involves a determination as to whether the validation or verification succeeds or fails. It should be understood throughout the following description that the failure of any verification or validation action in FIGS. 5-7 will trigger an error or exception condition that will interrupt the normal flow of execution depicted in FIGS. 5-7. Hence, each validation or verification described below should be understood as also implicitly including a decision step branching to an error condition on failure of the validation or verification.
  • Turning now to FIG. 5, when secure initialization hardware 226 initializes or re-initializes secondary processing unit 110 (as described above), before the main datapath of secondary processing unit 110 begins processing instructions, the secure initialization hardware decrypts the secure kernel into processor-accessible memory from the encrypted master copy (block 500). Once the secure kernel has been decrypted, the secure initialization hardware starts the main datapath of the data processing system, which then begins to execute the secure kernel (block 501).
  • The secure kernel then checks mailbox area 308 to determine what actions should be taken following the initialization, such as loading/executing a particular kernel extension or returning control to an application that triggered a warm initialization (block 502). Additionally, checking mailbox area 308 allows the secure kernel to determine whether a warm or cold initialization has occurred. Next a determination is made as to whether a kernel extension should be loaded (block 504). If so (block 504:yes), then the secure kernel decrypts the desired kernel extension into processor-accessible memory using the secure kernel's private key (block 506). The secure kernel validates the digital signature of the public key supplied with the kernel extension using a pre-defined public key known to the secure kernel (i.e., stored in the secure kernel's “key ring”) (block 507). The secure kernel then validates the digital signature of the kernel extension itself using the kernel extension's public key (block 508). Next, the secure kernel verifies the integrity of the kernel extension using by computing a hash value of the kernel extension and comparing the computed hash value to that supplied with the kernel extension (block 510).
  • If the kernel extension passes each of these validations/verifications, a determination is made as to which sensitive portions of the secure kernel should be deleted or retained before passing control to the kernel extension (block 512). As stated above, this determination is based on which public key was used to sign the kernel extension, each public key corresponding to a set of sensitive portions to be retained (or equivalently, which sensitive portions should be deleted) before passing control to a kernel extension signed with that public key. Once it is determined which sensitive portions of the secure kernel should be retained, the remainder of the sensitive portions of the secure kernel are deleted (block 514) and the secure kernel passes control to the loaded kernel extension (block 516).
  • Upon returning to execution of the secure kernel from the execution of a loaded kernel extension (following block 516), or if no kernel extension was loaded (block 504:No), a determination is made as to whether new application code should be loaded into memory for execution (block 518). If so (block 518:Yes), the application code is loaded into processor-accessible memory (block 520). The signature of the public key of the newly loaded application code is then validated using a pre-defined public key known to the secure kernel (block 521). The signature of the application itself is then validated using the application's validated public key (block 522). Next, the integrity of the application is verified by computing a hash value of the application and comparing the computed hash value to that supplied with the application (block 524).
  • Once the application has been validated and verified, the secure kernel generates an application-specific secret by computing a one-way function from the secure kernel's private key and the application's public key (block 526). The secure kernel also generates an application-version-specific secret by computing a one-way function from the secure kernel's private key and a hash value computed from the bytes of the application itself (block 528). These secrets are stored by the secure kernel in memory so as to be accessible to the loaded application (e.g., in secret space 412 of the application).
  • After application-specific and application-version-specific secrets have been computed by the secure kernel, the secure kernel deletes the sensitive portions of itself (including its private key, privileged code portions, and any other secrets of the secure kernel) (block 530). The secure kernel then fully transfers control (branches) to the application (block 532) (there being no further processing performed by the secure kernel until the next secure initialization). If a new application is not loaded (block 518:No), then the secure kernel deletes the sensitive portions of itself (block 534), then passes control to the application code address indicated in mailbox area 308 (i.e., to the application which initiated the warm initialization triggering the execution of the secure kernel) (block 536).
  • One of the preferred implementations of the invention is a computer program, namely, a set of instructions (program code) or other functional descriptive material in a code module that may, for example, be resident in the random access memory of the computer. Until required by the computer, the set of instructions may be stored in another computer memory, for example, in a hard disk drive, or in a removable memory such as an optical disk (for eventual use in a CD ROM) or floppy disk (for eventual use in a floppy disk drive), or downloaded via the Internet or other computer network. Thus, the present invention may be implemented as a computer program product for use in a computer. In addition, although the various methods described are conveniently implemented in a general purpose computer selectively activated or reconfigured by software, one of ordinary skill in the art would also recognize that such methods may be carried out in hardware, in firmware, or in more specialized apparatus constructed to perform the required method steps. Functional descriptive material is information that imparts functionality to a machine. Functional descriptive material includes, but is not limited to, computer programs, instructions, rules, facts, definitions of computable functions, objects, and data structures.
  • While particular embodiments of the present invention have been shown and described, it will be obvious to those skilled in the art that, based upon the teachings herein, changes and modifications may be made without departing from this invention and its broader aspects. Therefore, the appended claims are to encompass within their scope all such changes and modifications as are within the true spirit and scope of this invention. Furthermore, it is to be understood that the invention is solely defined by the appended claims. It will be understood by those with skill in the art that if a specific number of an introduced claim element is intended, such intent will be explicitly recited in the claim, and in the absence of such recitation no such limitation is present. For non-limiting example, as an aid to understanding, the following appended claims contain usage of the introductory phrases “at least one” and “one or more” to introduce claim elements. However, the use of such phrases should not be construed to imply that the introduction of a claim element by the indefinite articles “a” or “an” limits any particular claim containing such introduced claim element to inventions containing only one such element, even when the same claim includes the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an;” the same holds true for the use in the claims of definite articles. Where the word “or” is used in the claims, it is used in an inclusive sense (i.e., “A and/or B,” as opposed to “either A or B”).

Claims (20)

1. A computer-implemented method comprising:
executing a secure kernel in a data processing system, wherein the secure kernel includes a plurality of sensitive portions, and wherein the executing includes
loading a kernel extension, wherein the kernel extension is associated with a cryptographic key;
selecting a subset of the plurality of sensitive portions based on the cryptographic key;
deleting said subset; and
transferring control to the kernel extension subsequent to said deleting.
2. The method of claim 1, wherein the kernel extension is signed with a digital signature using the cryptographic key.
3. The method of claim 1, further comprising:
validating the digital signature using the cryptographic key.
4. The method of claim 1, wherein the cryptographic key is one of a plurality of pre-defined keys and each of the plurality of pre-defined keys is associated with one or more of the plurality of sensitive portions.
5. The method of claim 1, further comprising:
in response to the kernel extension returning control to the secure kernel, deleting a remainder of the plurality of sensitive portions.
6. The method of claim 1, further comprising:
decrypting the kernel extension.
7. The method of claim 1, wherein the cryptographic key is a public key in a public key cryptosystem.
8. A computer program product in a computer-readable medium comprising:
one or more sensitive portions of data or instruction code;
instructions for loading a kernel extension, wherein the kernel extension is associated with a cryptographic key;
instructions for selecting a subset of the plurality of sensitive portions based on the cryptographic key;
instructions for deleting said subset; and
instructions for transferring control to the kernel extension subsequent to said deleting.
9. The computer program product of claim 8, wherein the kernel extension is signed with a digital signature using the cryptographic key.
10. The computer program product of claim 8, further comprising:
instructions for validating the digital signature using the cryptographic key.
11. The computer program product of claim 8, wherein the cryptographic key is one of a plurality of pre-defined keys and each of the plurality of pre-defined keys is associated with one or more of the plurality of sensitive portions.
12. The computer program product of claim 8, further comprising:
instructions, responsive to a return to executing said computer program product from execution of the kernel extension, for deleting a remainder of the plurality of sensitive portions.
13. The computer program product of claim 8, further comprising:
instructions for decrypting the kernel extension.
14. The computer program product of claim 8, wherein the cryptographic key is a public key in a public key cryptosystem.
15. A data processing system comprising:
initialization hardware;
a processor datapath;
memory accessible to the processor datapath and the initialization hardware; and
non-volatile storage containing an encrypted copy of a secure kernel having a plurality of sensitive portions, wherein
the initialization hardware, on initialization of the data processing system, decrypts the encrypted copy into the memory,
the processor datapath executes the secure kernel from the memory,
the processing datapath loads a kernel extension into the memory, wherein the kernel extension is associated with a cryptographic key, and
prior to transferring control of the processor datapath from the secure kernel to the kernel extension, the secure kernel deletes a subset of the plurality of sensitive portions, where the subset is determined by the cryptographic key.
16. The data processing system of claim 15, wherein the kernel extension is signed with a digital signature using the cryptographic key.
17. The data processing system of claim 15, wherein the processor datapath executes instructions in the secure kernel for validating the digital signature using the cryptographic key.
18. The data processing system of claim 15, wherein the cryptographic key is one of a plurality of pre-defined keys and each of the plurality of pre-defined keys is associated with one or more of the plurality of sensitive portions.
19. The data processing system of claim 15, wherein the processor data path deletes a remainder of the plurality of sensitive portions upon transfer of control flow from the kernel extension.
20. The data processing system of claim 15, wherein the processor datapath executes instructions in the secure kernel for decrypting the kernel extension.
US11/754,658 2007-05-29 2007-05-29 Updateable secure kernel extensions Expired - Fee Related US8332635B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US11/754,658 US8332635B2 (en) 2007-05-29 2007-05-29 Updateable secure kernel extensions
PCT/EP2008/056351 WO2008145602A1 (en) 2007-05-29 2008-05-23 Updateable secure kernel extensions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/754,658 US8332635B2 (en) 2007-05-29 2007-05-29 Updateable secure kernel extensions

Publications (2)

Publication Number Publication Date
US20080301440A1 true US20080301440A1 (en) 2008-12-04
US8332635B2 US8332635B2 (en) 2012-12-11

Family

ID=39682929

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/754,658 Expired - Fee Related US8332635B2 (en) 2007-05-29 2007-05-29 Updateable secure kernel extensions

Country Status (2)

Country Link
US (1) US8332635B2 (en)
WO (1) WO2008145602A1 (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050207572A1 (en) * 2002-03-26 2005-09-22 Vincent Finkelstein Method and device for automatic validation of computer program using cryptography functions
US20070226492A1 (en) * 1999-03-27 2007-09-27 Microsoft Corporation Secure processor architecture for use with a digital rights management (drm) system on a computing device
US20080301469A1 (en) * 2007-05-29 2008-12-04 Plouffe Jr Wilfred E Cryptographically-enabled Privileged Mode Execution
US20080298581A1 (en) * 2007-05-29 2008-12-04 Masana Murase Application-Specific Secret Generation
US20090089579A1 (en) * 2007-10-02 2009-04-02 Masana Murase Secure Policy Differentiation by Secure Kernel Design
US20120321089A1 (en) * 2009-11-09 2012-12-20 Siemens Aktiengesellsghaft Method and System for Confidentially Providing Software Components
US8397245B2 (en) 2010-07-12 2013-03-12 International Business Machines Corporation Managing loading and unloading of shared kernel extensions in isolated virtual space
US8448169B2 (en) 2010-07-12 2013-05-21 International Business Machines Corporation Managing unique electronic identification for kernel extensions in isolated virtual space
US8527989B2 (en) 2010-07-12 2013-09-03 International Business Machines Corporation Tracking loading and unloading of kernel extensions in isolated virtual space
US8700535B2 (en) 2003-02-25 2014-04-15 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
US8725646B2 (en) 2005-04-15 2014-05-13 Microsoft Corporation Output protection levels
US8781969B2 (en) 2005-05-20 2014-07-15 Microsoft Corporation Extensible media rights
CN104486355A (en) * 2014-12-30 2015-04-01 大连楼兰科技股份有限公司 Method and device for preventing malicious manipulation of codes
US9608823B2 (en) * 2014-08-11 2017-03-28 Red Hat, Inc. Secure remote kernel module signing
CN107784226A (en) * 2016-08-25 2018-03-09 大连楼兰科技股份有限公司 The method and system that code is maliciously tampered are prevented using rivest, shamir, adelman
US10747875B1 (en) * 2020-03-19 2020-08-18 Cyberark Software Ltd. Customizing operating system kernels with secure kernel modules
CN114138691A (en) * 2021-11-05 2022-03-04 杭州薮猫科技有限公司 Kernel extension method, device and equipment based on callback mechanism
US11483137B2 (en) * 2020-01-22 2022-10-25 Micron Technology, Inc. Dynamic command extension for a memory sub-system
US20230089388A1 (en) * 2020-04-03 2023-03-23 Hangzhou Hikvision Digital Technology Co., Ltd. Method and Intelligent Apparatus for Calling Permission Verification of Protected Intelligent Application
US11681809B2 (en) * 2018-04-19 2023-06-20 Canon Kabushiki Kaisha Information processing apparatus, control method, and storage medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8819361B2 (en) * 2011-09-12 2014-08-26 Microsoft Corporation Retaining verifiability of extracted data from signed archives
US9785577B2 (en) 2014-05-28 2017-10-10 Red Hat, Inc. Kernel key handling
CN104636685A (en) * 2015-02-25 2015-05-20 山东超越数控电子有限公司 Method for protecting linux operation system on loongson hardware platform
US9898326B2 (en) 2016-02-23 2018-02-20 Red Hat Israel, Ltd. Securing code loading in a virtual environment

Citations (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5987129A (en) * 1996-02-21 1999-11-16 Card Call Service Co., Ltd. Method of sharing cryptokey
US6263431B1 (en) * 1998-12-31 2001-07-17 Intle Corporation Operating system bootstrap security mechanism
US6327652B1 (en) * 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US6330670B1 (en) * 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
US20010056533A1 (en) * 2000-06-23 2001-12-27 Peter Yianilos Secure and open computer platform
US20020004905A1 (en) * 1998-07-17 2002-01-10 Derek L Davis Method for bios authentication prior to bios execution
US6397331B1 (en) * 1997-09-16 2002-05-28 Safenet, Inc. Method for expanding secure kernel program memory
US20020080958A1 (en) * 1997-09-16 2002-06-27 Safenet, Inc. Cryptographic key management scheme
US20030018892A1 (en) * 2001-07-19 2003-01-23 Jose Tello Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer
US20030200450A1 (en) * 2002-04-17 2003-10-23 Paul England Saving and retrieving data based on public key encryption
US20040044906A1 (en) * 1999-04-06 2004-03-04 Paul England Secure execution of program code
US6704871B1 (en) * 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US20040052259A1 (en) * 2002-09-16 2004-03-18 Agilent Technologies, Inc. Measuring network operational parameters as experienced by network operational traffic
US6775778B1 (en) * 1998-05-29 2004-08-10 Texas Instruments Incorporated Secure computing device having boot read only memory verification of program code
US20040243836A1 (en) * 1999-04-06 2004-12-02 Microsoft Corporation Hierarchical trusted code for content protection in computers
US20050022026A1 (en) * 2003-03-31 2005-01-27 International Business Machines Corporation Data processing systems
US20050120242A1 (en) * 2000-05-28 2005-06-02 Yaron Mayer System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages
US20050144440A1 (en) * 2003-12-31 2005-06-30 International Business Machines Corp. Method for securely creating an endorsement certificate in an insecure environment
US20050182931A1 (en) * 2004-02-13 2005-08-18 Arnaud Robert Conditional access to digital rights management conversion
US20050222958A1 (en) * 2004-03-31 2005-10-06 Fujitsu Limited Information processing terminal and information security and protection method therefor
US20060021064A1 (en) * 1998-10-26 2006-01-26 Microsoft Corporation Key-based secure storage
US20060182124A1 (en) * 2005-02-15 2006-08-17 Sytex, Inc. Cipher Key Exchange Methodology
US20060195906A1 (en) * 2005-02-26 2006-08-31 International Business Machines Corporation System, method, and service for detecting improper manipulation of an application
US20060206727A1 (en) * 1999-05-07 2006-09-14 Infineon Technologies Ag Apparatus and method for a programmable security processor
US20060233149A1 (en) * 2005-04-06 2006-10-19 Viresh Rustagi Secure conditional access and digital rights management in a multimedia processor
US20060282681A1 (en) * 2005-05-27 2006-12-14 Scheidt Edward M Cryptographic configuration control
US20060294372A1 (en) * 2005-06-24 2006-12-28 Microsoft Corporation Securely providing extensible third-party plug-ins
US7188127B2 (en) * 2003-10-07 2007-03-06 International Business Machines Corporation Method, system, and program for processing a file request
US20070143223A1 (en) * 2005-12-16 2007-06-21 Microsoft Corporation Caching information for kernel and boot components
US7243340B2 (en) * 2001-11-15 2007-07-10 Pace Anti-Piracy Method and system for obfuscation of computer program execution flow to increase computer program security
US20070160200A1 (en) * 2004-01-14 2007-07-12 Nec Corporation Encryption communication system
US20070160197A1 (en) * 2004-02-10 2007-07-12 Makoto Kagaya Secret information management scheme based on secret sharing scheme
US20070198851A1 (en) * 2006-02-22 2007-08-23 Fujitsu Limited Of Kawasaki, Japan. Secure processor
US20070226492A1 (en) * 1999-03-27 2007-09-27 Microsoft Corporation Secure processor architecture for use with a digital rights management (drm) system on a computing device
US20070245410A1 (en) * 2006-04-17 2007-10-18 Perlman Radia J Method and apparatus for securely forgetting secrets
US7305564B2 (en) * 2002-12-19 2007-12-04 International Business Machines Corporation System and method to proactively detect software tampering
US20080005565A1 (en) * 2006-06-29 2008-01-03 Kenta Shiga Computer system and method of updating authentication information of computer system
US20080072070A1 (en) * 2006-08-29 2008-03-20 General Dynamics C4 Systems, Inc. Secure virtual RAM
US7356707B2 (en) * 2002-04-18 2008-04-08 International Business Machines Corporation Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
US20080091945A1 (en) * 2006-10-16 2008-04-17 John Princen Secure device authentication system and method
US20080095371A1 (en) * 2004-09-02 2008-04-24 Pentti Kimmo Sakari Vataja Ends-Messaging Protocol That Recovers And Has Backward Security
US20080117679A1 (en) * 2006-11-19 2008-05-22 Pramila Srinivasan Securing a flash memory block in a secure device system and method
US20080148061A1 (en) * 2006-12-19 2008-06-19 Hongxia Jin Method for effective tamper resistance
US20080178256A1 (en) * 2007-01-23 2008-07-24 Brian Perrone System and method providing policy based control of interaction between client computer users and client computer software programs
US7424398B2 (en) * 2006-06-22 2008-09-09 Lexmark International, Inc. Boot validation system and method
US20080229425A1 (en) * 2005-08-03 2008-09-18 Nxp B.V. Secure Terminal, a Routine and a Method of Protecting a Secret Key
US20080235507A1 (en) * 2004-01-14 2008-09-25 Yuichi Ishikawa Encrypted Communication Method
US20080298581A1 (en) * 2007-05-29 2008-12-04 Masana Murase Application-Specific Secret Generation
US20080301469A1 (en) * 2007-05-29 2008-12-04 Plouffe Jr Wilfred E Cryptographically-enabled Privileged Mode Execution
US20090089579A1 (en) * 2007-10-02 2009-04-02 Masana Murase Secure Policy Differentiation by Secure Kernel Design
US20090086974A1 (en) * 2007-10-02 2009-04-02 Masana Murase Support for Multiple Security Policies on a Unified Authentication Architecture
US7516331B2 (en) * 2003-11-26 2009-04-07 International Business Machines Corporation Tamper-resistant trusted java virtual machine and method of using the same
US7577852B2 (en) * 2005-01-20 2009-08-18 National University Corporation NARA Institute of Science and Technology Microprocessor, a node terminal, a computer system and a program execution proving method
US7676840B2 (en) * 2002-06-07 2010-03-09 Microsoft Corporation Use of hashing in a secure boot loader
US7698744B2 (en) * 2004-12-03 2010-04-13 Whitecell Software Inc. Secure system for allowing the execution of authorized computer program code
US7698696B2 (en) * 2002-07-03 2010-04-13 Panasonic Corporation Compiler apparatus with flexible optimization
US7735136B2 (en) * 2005-04-18 2010-06-08 Vmware, Inc. 0-touch and 1-touch techniques for improving the availability of computer programs under protection without compromising security
US7886162B2 (en) * 2007-05-29 2011-02-08 International Business Machines Corporation Cryptographic secure program overlays

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5724425A (en) 1994-06-10 1998-03-03 Sun Microsystems, Inc. Method and apparatus for enhancing software security and distributing software
KR100950102B1 (en) 2002-04-18 2010-03-29 어드밴스드 마이크로 디바이시즈, 인코포레이티드 A computer system including a secure execution mode-capable processor and a method of initializing the computer system
IL171963A0 (en) * 2005-11-14 2006-04-10 Nds Ltd Secure read-write storage device

Patent Citations (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5987129A (en) * 1996-02-21 1999-11-16 Card Call Service Co., Ltd. Method of sharing cryptokey
US6704871B1 (en) * 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US6397331B1 (en) * 1997-09-16 2002-05-28 Safenet, Inc. Method for expanding secure kernel program memory
US20020080958A1 (en) * 1997-09-16 2002-06-27 Safenet, Inc. Cryptographic key management scheme
US6775778B1 (en) * 1998-05-29 2004-08-10 Texas Instruments Incorporated Secure computing device having boot read only memory verification of program code
US20020004905A1 (en) * 1998-07-17 2002-01-10 Derek L Davis Method for bios authentication prior to bios execution
US6327652B1 (en) * 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US6330670B1 (en) * 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
US20060021064A1 (en) * 1998-10-26 2006-01-26 Microsoft Corporation Key-based secure storage
US6263431B1 (en) * 1998-12-31 2001-07-17 Intle Corporation Operating system bootstrap security mechanism
US20070226492A1 (en) * 1999-03-27 2007-09-27 Microsoft Corporation Secure processor architecture for use with a digital rights management (drm) system on a computing device
US20040044906A1 (en) * 1999-04-06 2004-03-04 Paul England Secure execution of program code
US20040243836A1 (en) * 1999-04-06 2004-12-02 Microsoft Corporation Hierarchical trusted code for content protection in computers
US20060206727A1 (en) * 1999-05-07 2006-09-14 Infineon Technologies Ag Apparatus and method for a programmable security processor
US20050120242A1 (en) * 2000-05-28 2005-06-02 Yaron Mayer System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages
US20010056533A1 (en) * 2000-06-23 2001-12-27 Peter Yianilos Secure and open computer platform
US20030018892A1 (en) * 2001-07-19 2003-01-23 Jose Tello Computer with a modified north bridge, security engine and smart card having a secure boot capability and method for secure booting a computer
US7243340B2 (en) * 2001-11-15 2007-07-10 Pace Anti-Piracy Method and system for obfuscation of computer program execution flow to increase computer program security
US20030200450A1 (en) * 2002-04-17 2003-10-23 Paul England Saving and retrieving data based on public key encryption
US7356707B2 (en) * 2002-04-18 2008-04-08 International Business Machines Corporation Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
US7676840B2 (en) * 2002-06-07 2010-03-09 Microsoft Corporation Use of hashing in a secure boot loader
US7698696B2 (en) * 2002-07-03 2010-04-13 Panasonic Corporation Compiler apparatus with flexible optimization
US20040052259A1 (en) * 2002-09-16 2004-03-18 Agilent Technologies, Inc. Measuring network operational parameters as experienced by network operational traffic
US7305564B2 (en) * 2002-12-19 2007-12-04 International Business Machines Corporation System and method to proactively detect software tampering
US20050022026A1 (en) * 2003-03-31 2005-01-27 International Business Machines Corporation Data processing systems
US7188127B2 (en) * 2003-10-07 2007-03-06 International Business Machines Corporation Method, system, and program for processing a file request
US7516331B2 (en) * 2003-11-26 2009-04-07 International Business Machines Corporation Tamper-resistant trusted java virtual machine and method of using the same
US20050144440A1 (en) * 2003-12-31 2005-06-30 International Business Machines Corp. Method for securely creating an endorsement certificate in an insecure environment
US20080235507A1 (en) * 2004-01-14 2008-09-25 Yuichi Ishikawa Encrypted Communication Method
US20070160200A1 (en) * 2004-01-14 2007-07-12 Nec Corporation Encryption communication system
US20070160197A1 (en) * 2004-02-10 2007-07-12 Makoto Kagaya Secret information management scheme based on secret sharing scheme
US20050182931A1 (en) * 2004-02-13 2005-08-18 Arnaud Robert Conditional access to digital rights management conversion
US20050222958A1 (en) * 2004-03-31 2005-10-06 Fujitsu Limited Information processing terminal and information security and protection method therefor
US20080095371A1 (en) * 2004-09-02 2008-04-24 Pentti Kimmo Sakari Vataja Ends-Messaging Protocol That Recovers And Has Backward Security
US7698744B2 (en) * 2004-12-03 2010-04-13 Whitecell Software Inc. Secure system for allowing the execution of authorized computer program code
US7577852B2 (en) * 2005-01-20 2009-08-18 National University Corporation NARA Institute of Science and Technology Microprocessor, a node terminal, a computer system and a program execution proving method
US20060182124A1 (en) * 2005-02-15 2006-08-17 Sytex, Inc. Cipher Key Exchange Methodology
US20060195906A1 (en) * 2005-02-26 2006-08-31 International Business Machines Corporation System, method, and service for detecting improper manipulation of an application
US20060233149A1 (en) * 2005-04-06 2006-10-19 Viresh Rustagi Secure conditional access and digital rights management in a multimedia processor
US7735136B2 (en) * 2005-04-18 2010-06-08 Vmware, Inc. 0-touch and 1-touch techniques for improving the availability of computer programs under protection without compromising security
US20060282681A1 (en) * 2005-05-27 2006-12-14 Scheidt Edward M Cryptographic configuration control
US20060294372A1 (en) * 2005-06-24 2006-12-28 Microsoft Corporation Securely providing extensible third-party plug-ins
US20080229425A1 (en) * 2005-08-03 2008-09-18 Nxp B.V. Secure Terminal, a Routine and a Method of Protecting a Secret Key
US20070143223A1 (en) * 2005-12-16 2007-06-21 Microsoft Corporation Caching information for kernel and boot components
US20070198851A1 (en) * 2006-02-22 2007-08-23 Fujitsu Limited Of Kawasaki, Japan. Secure processor
US20070245410A1 (en) * 2006-04-17 2007-10-18 Perlman Radia J Method and apparatus for securely forgetting secrets
US7424398B2 (en) * 2006-06-22 2008-09-09 Lexmark International, Inc. Boot validation system and method
US20080005565A1 (en) * 2006-06-29 2008-01-03 Kenta Shiga Computer system and method of updating authentication information of computer system
US20080072070A1 (en) * 2006-08-29 2008-03-20 General Dynamics C4 Systems, Inc. Secure virtual RAM
US20080091945A1 (en) * 2006-10-16 2008-04-17 John Princen Secure device authentication system and method
US20080117679A1 (en) * 2006-11-19 2008-05-22 Pramila Srinivasan Securing a flash memory block in a secure device system and method
US20080148061A1 (en) * 2006-12-19 2008-06-19 Hongxia Jin Method for effective tamper resistance
US20080178256A1 (en) * 2007-01-23 2008-07-24 Brian Perrone System and method providing policy based control of interaction between client computer users and client computer software programs
US20080301469A1 (en) * 2007-05-29 2008-12-04 Plouffe Jr Wilfred E Cryptographically-enabled Privileged Mode Execution
US20080298581A1 (en) * 2007-05-29 2008-12-04 Masana Murase Application-Specific Secret Generation
US7886162B2 (en) * 2007-05-29 2011-02-08 International Business Machines Corporation Cryptographic secure program overlays
US20090086974A1 (en) * 2007-10-02 2009-04-02 Masana Murase Support for Multiple Security Policies on a Unified Authentication Architecture
US20090089579A1 (en) * 2007-10-02 2009-04-02 Masana Murase Secure Policy Differentiation by Secure Kernel Design

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070226492A1 (en) * 1999-03-27 2007-09-27 Microsoft Corporation Secure processor architecture for use with a digital rights management (drm) system on a computing device
US8065521B2 (en) * 1999-03-27 2011-11-22 Microsoft Corporation Secure processor architecture for use with a digital rights management (DRM) system on a computing device
US7627768B2 (en) * 2002-03-26 2009-12-01 Oberthur Card Systems Sa Method and device for automatic validation of computer program using cryptography functions
US20050207572A1 (en) * 2002-03-26 2005-09-22 Vincent Finkelstein Method and device for automatic validation of computer program using cryptography functions
US8700535B2 (en) 2003-02-25 2014-04-15 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
US8719171B2 (en) 2003-02-25 2014-05-06 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
US8725646B2 (en) 2005-04-15 2014-05-13 Microsoft Corporation Output protection levels
US8781969B2 (en) 2005-05-20 2014-07-15 Microsoft Corporation Extensible media rights
US20080301469A1 (en) * 2007-05-29 2008-12-04 Plouffe Jr Wilfred E Cryptographically-enabled Privileged Mode Execution
US20080298581A1 (en) * 2007-05-29 2008-12-04 Masana Murase Application-Specific Secret Generation
US8422674B2 (en) 2007-05-29 2013-04-16 International Business Machines Corporation Application-specific secret generation
US8433927B2 (en) 2007-05-29 2013-04-30 International Business Machines Corporation Cryptographically-enabled privileged mode execution
US8332636B2 (en) 2007-10-02 2012-12-11 International Business Machines Corporation Secure policy differentiation by secure kernel design
US20090089579A1 (en) * 2007-10-02 2009-04-02 Masana Murase Secure Policy Differentiation by Secure Kernel Design
US9542537B2 (en) * 2009-11-09 2017-01-10 Siemens Aktiengesellschaft Method and system for confidentially providing software components
US20120321089A1 (en) * 2009-11-09 2012-12-20 Siemens Aktiengesellsghaft Method and System for Confidentially Providing Software Components
US8448169B2 (en) 2010-07-12 2013-05-21 International Business Machines Corporation Managing unique electronic identification for kernel extensions in isolated virtual space
US8397245B2 (en) 2010-07-12 2013-03-12 International Business Machines Corporation Managing loading and unloading of shared kernel extensions in isolated virtual space
US8527989B2 (en) 2010-07-12 2013-09-03 International Business Machines Corporation Tracking loading and unloading of kernel extensions in isolated virtual space
US20170161502A1 (en) * 2014-08-11 2017-06-08 Red Hat, Inc. Secure remote kernel module signing
US9608823B2 (en) * 2014-08-11 2017-03-28 Red Hat, Inc. Secure remote kernel module signing
US10445504B2 (en) * 2014-08-11 2019-10-15 Red Hat, Inc. Secure remote kernel module signing
CN104486355A (en) * 2014-12-30 2015-04-01 大连楼兰科技股份有限公司 Method and device for preventing malicious manipulation of codes
CN107784226A (en) * 2016-08-25 2018-03-09 大连楼兰科技股份有限公司 The method and system that code is maliciously tampered are prevented using rivest, shamir, adelman
US11681809B2 (en) * 2018-04-19 2023-06-20 Canon Kabushiki Kaisha Information processing apparatus, control method, and storage medium
US11483137B2 (en) * 2020-01-22 2022-10-25 Micron Technology, Inc. Dynamic command extension for a memory sub-system
US11895226B2 (en) 2020-01-22 2024-02-06 Micron Technology, Inc. Dynamic command extension for a memory sub-system
US10747875B1 (en) * 2020-03-19 2020-08-18 Cyberark Software Ltd. Customizing operating system kernels with secure kernel modules
US20230089388A1 (en) * 2020-04-03 2023-03-23 Hangzhou Hikvision Digital Technology Co., Ltd. Method and Intelligent Apparatus for Calling Permission Verification of Protected Intelligent Application
CN114138691A (en) * 2021-11-05 2022-03-04 杭州薮猫科技有限公司 Kernel extension method, device and equipment based on callback mechanism

Also Published As

Publication number Publication date
WO2008145602A1 (en) 2008-12-04
US8332635B2 (en) 2012-12-11

Similar Documents

Publication Publication Date Title
US8332635B2 (en) Updateable secure kernel extensions
US7886162B2 (en) Cryptographic secure program overlays
US8422674B2 (en) Application-specific secret generation
US8332636B2 (en) Secure policy differentiation by secure kernel design
US8166304B2 (en) Support for multiple security policies on a unified authentication architecture
US8433927B2 (en) Cryptographically-enabled privileged mode execution
JP4498735B2 (en) Secure machine platform that interfaces with operating system and customized control programs
KR100692348B1 (en) Sleep protection
KR100611687B1 (en) Multi-token seal and unseal
KR100996784B1 (en) Saving and retrieving data based on public key encryption
KR101067399B1 (en) Saving and retrieving data based on symmetric key encryption
US7055029B2 (en) Cryptographic system enabling ownership of a secure process
US8438658B2 (en) Providing sealed storage in a data processing device
CN110825672A (en) High performance autonomous hardware engine for online cryptographic processing

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PLOUFFE, WILFRED E., JR.;SHIMIZU, KANNA;ZBARSKY, VLADIMIR;REEL/FRAME:019360/0641;SIGNING DATES FROM 20070523 TO 20070525

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PLOUFFE, WILFRED E., JR.;SHIMIZU, KANNA;ZBARSKY, VLADIMIR;SIGNING DATES FROM 20070523 TO 20070525;REEL/FRAME:019360/0641

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20201211